The forum is frozen forever - but it won't die; it'll stay for long in search engine results and we hope it would keep helping newbies in some way or other - cheers!

Recent Blogs Posts

NULLCON is one of the best information security conference in India and every year everyone from the InfoSec community attends it. I have a great interest in Security and hacking ( If you follow my blog you will probably know it already www.hackatrick.com ) and yes I too look forward to the conference. Every year most of my friends who are into security attend NULLCON. I failed to go last year due to my Exams and last to last year i had my class 12 boards exam.

i was a part of infosec community for over a year. And many times i came across the people who told me about this amazing tech convention which was held in Goa march every year. This got me really excited for the NULLCON.

So i did little research about nullcon and how to get entry in this event. So i got to know that there ware passes available to get in the event. But at that time i was not able to afford the passes so i dropped the idea to go in nullcon. But later on i heard about
...

Hello, I am Double Chow.The purpose of establishing WeChat Subscription is to share knowledge about cyber security ,simple but very fun that we maybe often used in daily life .Today, we share an article about cracking WIFI. The most simple way: use third party interface to crack WIFI, whcih is called the first step to break our village WIFI. In order to facilitate the application in the actual scene,I put all the operations on the phone as possible .The first step, WarDriving collect WIFI
...

Recently, I stumbled on a very simple bug in Foxit Reader for Mac and Linux (From here on, just Foxit Reader). The vulnerability was caused by improper file permissions granted on core Foxit Reader's files on Linux and Mac systems. An attacker with a low privilege access could've exploited this vulnerability to elevate their privileges, execute commands as a higher privileged user, or both.

Since the title goes by the name "command injection" , you all might be thinking it as "normal Command injection which affects servers" but this vulnerability is quite different.
We can put this in different way as "Client Side command injection".

I have some work to do. I have some salted hashed files from the dump MySql database. I need to crack the password from the salted hashed files. I have used hashcat, findmyhash and many more other things to crack but unsuccessful. So need your help. If anyone can help me, i will really appreciate this. I only have one day left. Here is the salted :
2834da08d58330d8dafbb2ac1c0f85f6b3b135ef
92e54f10103a3c511853c7098c04141f114719c1
437fbc6892b38db6ac5bdbe2eab3f7bc924527d9
...

During my regular job, I unravelled an interesting vulnerability of Unauthenticated File Upload in Oracle E-business Suite 0-day vulnerability. This particular Upload Bug can be easily used to upload files on the web-server and also an attacker can flood the hard-disk of the server,thus making it easier for an attacker to leverage the vulnerability remotely.

Hello Guys, After several days I was busy at work, I come back with a new subject which you can see on top of this text. Before I start, I’ve to say my IOS is updated and version is 8.3. Keep reading to know more.

I don’t want make it hard to be understood, so I explain it basic and fast. All you need to do is to turn on WiFi or mobile internet data and lock the screen, as you can see, iPhone just let you to call emergency numbers [example: 911]. Now you hold the “Home” button and
...

Hello world! [ Including People , Robots, Zombies Dariush & Arash, Alien dudes if they exist, and my friends ], By the way, I decided to write about a Gmail Bug. It’s not a vulnerability of Gmail but it’s some kind of bug let us know if we hack a Gmail, we can login it or not without alert the Gmail owner. I talking about 2-Step verification, Imagine to grab a Gmail password and not be sure to login or not , victim might be use Gmail SMS auth service and when you click login, Google send victim
...